As the media has covered in the last couple of days, Tory MP Nadine Dorries’ attempt to defend Damian Green over his alleged viewing of pornography on his parliamentary computer led to her rash admission that she routinely lets her staff use her credentials to log onto her own parliamentary computer – and that she often has to ask them to remind her what her password is:

This revelation sparked social media astonishment on the part of IT professionals:

It seems that the IT managers of Parliament’s Digital Service were equally appalled, as demonstrated by a email it sent to all parliamentary personnel this afternoon. The email’s drips with the exasperation of someone who works hard to achieve an objective only to see it all undone by idiocy, along with a tone of suppressed panic:

No matter how many technical systems we put in place, we also rely on you to help us to protect yourself, your office and the wider parliamentary community from cyber attack. Cyber security is everyone’s responsibility.

A strong password, known only to you, is an essential first- line defence . As the attack in June demonstrated, weak and shared passwords can put the entire parliamentary network at risk.

Parliament’s ICT Security Policy, which we all agree to comply with as a condition of using parliamentary digital services, clearly states:

“Passwords must be considered as confidential and must be used only by the originator (and so not shared with other users)”. If you share your password, or login as anyone other than yourself, you are in breach of this policy.

If you have been working in an insecure way by sharing your password with others, or by logging in to someone else’s account, we would like to help. In most scenarios, the solution is to provide colleagues with delegated access to your email and calendar via their own accounts. Contact the Support Desk on 020 7219 2001 to set this up. If your issues are more sensitive or more complex, please contact cyber@parliament.uk , and someone will call or email you back.

This email, which veers from a strict tone at first to the forced gentleness you might use when asking a toddler to put down a loaded gun, demonstrates beyond question that Ms Dorries has been in breach of a strict policy that she personally signed to accept.

But the fact that the Digital Service had to send this message to every user of the parliamentary ICT system suggests that such bad practice may well be widespread around Westminster.

As the email points out, Parliament suffered a serious IT security breach as recently as June:

Everyone with access to Parliament’s network was told to change their passwords after parliamentary users’ log-in details were compromised – but it appears that the first thing at least some of them then did was to render the security of Parliament’s IT systems defunct by giving those new passwords to various other people.

The Digital Service was not the only organisation to be horrified by the poor practice. The Information Commissioner’s office also issued a stern warning that MPs may be breaking the law:

The amount that Parliament spends on ICT security will undoubtedly run into millions – but with terrifying casualness it has been rendered a waste of money by people who don’t understand, or don’t care about, such trivial matters as preventing unauthorised access to potentially very sensitive information.

The prospect that the sharing of passwords with staff has been a widespread practice on the parliamentary estate means that information security in Parliament has been compromised for months or even years – no matter how much money has been spent on system security.

Who knows what information has passed into the wrong hands because of arrogance or simply astonishingly sloppy, unthinkingly-casual poor practice?

Nadine Dorries was contacted for comment but did not respond by the time of publication.

The SKWAWKBOX needs your support. This blog is provided free of charge but depends on the generosity of its readers to be viable. If you can afford to, please click here to arrange a one-off or modest monthly donation via PayPal. Thanks for your solidarity so this blog can keep bringing you information the Establishment would prefer you not to know about.

It is beyond my comprehension how anyone could imagine that publicly revealing such slipshod behaviour re IT security could possibly act as a defence of a colleague (in both my paid job and my volunteer role I have to be security conscious – in one I administer my employer’s client database, and in the other I have control of NAS West Norfolk’s membership list, so I know whereof I write). The question is not whether Mr Green is guilty of a sackable offence, but only which sackable offence he is guilty of.

They think we’re all as f***ing THICK as them when they expect us to think it’s alright to allow people to log in on their passwords. They’re so imbecilic that they just don’t grasp how much injury they’re adding to insult by even suggesting such piffle – nevermind trying to palm it off as plausible.

Maybe dorries believes (like the other gobshite ‘dicky’ davies) there’s a certain amount of nobility in defending a condemned idiot.

They really are the weirdest, most unfit shower of shabbite EVER. They really are an excuse for mass euthanasia of the ruling classes.

Sorry, this is dead cat strategy-I don’t believe a word of this-even Tory MP’s have enough nous to know what spyware & malware are & how they get on to computers & then infect the whole system-so should we really believe Parliament’s IT people have just realised this has been going on & have never picked it up in their monitoring?

They make the law, make everyone else follow said laws for fear of fines/imprisonment/job loss.
But.when MPs get caught breaking basic IT security, they.get the kid glove treatment or play the ‘not me guv’ trick. Time these individuals were made to do unpaid work in.foodbanks/homeless shelters/hospitals as forms of restitution.

This means if you have been in contact with your MP your own data/cybersecurity is compromised. It means that any scumbag IT expert can obtain your details possibly with devastating results.
I think we should start a campaign for the Data Commissioner to investigate immediately. I will post a copy of my email to my MP regarding this as soon as I work out how to do it, please help here.
I think it’s a major issue that the MSM will skip.
ps Do you think she is working for the Russians?

I have read elsewhere that the HoP systems allow office staff to access email accounts without having to use the Minster (or whoever) password. It’s a fairly standard sort of office IT environment. There should also be Systems Admin systems in place to pick up the access and viewing of “banned” sites – oh yes, they know all. So there must have been a tacit rule in place that there were no off-limits web-sites for the whole of the Palace of Westminster. One wonders how many of the sites that were visited required payment too.

Plus apparently the only office staff in Damien Greens’ office were two women and a gay bloke. I’m waiting to see who of those are sacked for accessing the extreme porn for hours after hour every day.

NADINE DORRIES, A TORY OF THE BRAIN DEAD TYPE!
MUCH LIKE THE REST OF EM!
USING STUPIDITY AS A DEFENCE!
A POSH SCOUSE WHO BELIEVES THE SECURITY OF OUR COUNTRY LIES WITH THE TORIES!
IT DOESN’T MATTER THAT EVERYONE IN HER OFFICE KNOWS HER PASSWORD OR ANY HACKER FOR THAT FACT!
THEY USE PARLIAMENTARY COMPUTERS TO DOWNLOAD AND WATCH PORN OF THE WORST TYPE!
WHILE CARRYING OUT THEIR WORK DUTIES!
BOTH SACKABLE OFFENCES IN THE PRIVATE SECTOR!
SACK HER AND GREEN, OR ANY OTHER TORY POLITICIAN THAT THINKS THE SAME!

According to Information Commissioner anyone concerned about Nadine Dorries complete lack of knowledge of the data protection act and blatant violation of parliamentary security policy should contact the data controller for Nadine Dorries office who is Nadine Dorries!https://ico.org.uk/ESDWebPages/Entry/Z1716668

This is brilliant, what a way to save your job, I left my pc on, gave my password to everybody that fancied it and they all wrote letters on my behalf, I wrote to the PM recently and said strong and stable was not a good idea, she said she never received it, she did however receive one saying it was a vote winner from me and on that basis held a general election, I never wrote it, someone was using my pc, perhaps they need to send all tory mp’s on fitness to work medicals. the part can you use a computer springs to mind
1 can you download porn or have it mysterisously appear
2. can you let anyone have your password and use your pc allowing them to read personal government files
3. do you know about the data protection act and how to break it

answer yes to any three of them and we want you.

If I was not taking the mick don’t they think that this maybe just a little bit serious, silly me for entertaining such a thought we live in perfect tory bubble world